Project

General

Profile

Feature #5864

remove cryptkeeper

Added by Tails almost 6 years ago. Updated almost 6 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
Due date:
% Done:

0%

Feature Branch:
Type of work:
Code
Blueprint:
Starter:
Affected tool:

Description

Wikipedia lists the following disadvantages (by design) of EncFS (used by CryptKeeper, which we are shipping):

  • EncFS volumes cannot be formatted with an arbitrary filesystem. They share the same features and restrictions as the filesystem containing the source directory.
  • Fragmentation of the encrypted volume causes fragmentation of the filesystem containing the source directory.
  • Anyone having access to the source directory is able to see how many files are in the encrypted filesystem, what permissions they have, their approximate size, and the last time they were accessed or modified.

The last point is especially worrying from a security POV (no leaks are good) and show why encrypted filesystems like EncFS are inferior to full disk encryption solutions like LUKS. Since "persistence":./persistence.html is implemented, and is using LUKS, we should consider removing CryptKeeper to stop encouraging its use.

done in Tails 0.12.


Related issues

Related to Tails - Feature #6622: Include EncFS Rejected 01/23/2014

History

#1 Updated by intrigeri almost 6 years ago

  • Type of work set to Code

Type of work: Code

Also available in: Atom PDF